fix: pre-release crashing on missing vulnerability rating (#790)

* fix: set default to empty instead of TBD * fix: get default current date as today * fix: exit when severity is missing * fix: define severity structure * fix: default to next week
nodejs · Mar 27, 2024 · bfababb · bfababb
1 parent fbdd466
commit bfababb
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/lib/prepare_security.js b/lib/prepare_security.js
@@ -118,9 +118,13 @@ class PrepareSecurityRelease {
   }
 
   async promptReleaseDate(cli) {
+    const nextWeekDate = new Date();
+    nextWeekDate.setDate(nextWeekDate.getDate() + 7);
+    // Format the date as YYYY/MM/DD
+    const formattedDate = nextWeekDate.toISOString().slice(0, 10).replace(/-/g, '/');
     return cli.prompt('Enter target release date in YYYY/MM/DD format:', {
       questionType: 'input',
-      defaultAnswer: 'TBD'
+      defaultAnswer: formattedDate
     });
   }
 
@@ -173,7 +177,11 @@ class PrepareSecurityRelease {
         relationships: { severity, weakness, reporter }
       } = report;
       const link = `https://hackerone.com/reports/${id}`;
-      let reportSeverity = 'TBD';
+      let reportSeverity = {
+        rating: '',
+        cvss_vector_string: '',
+        weakness_id: ''
+      };
       if (severity?.data?.attributes?.cvss_vector_string) {
         const { cvss_vector_string, rating } = severity.data.attributes;
         reportSeverity = {
@@ -184,8 +192,7 @@ class PrepareSecurityRelease {
       }
 
       cli.separator();
-      cli.info(`Report: ${link} - ${title} (${
-        reportSeverity?.rating?.toUpperCase() || reportSeverity})`);
+      cli.info(`Report: ${link} - ${title} (${reportSeverity?.rating})`);
       const include = await cli.prompt(
         'Would you like to include this report to the next security release?',
         { defaultAnswer: true });

diff --git a/lib/security_blog.js b/lib/security_blog.js
@@ -112,10 +112,11 @@ export default class SecurityBlog {
   }
 
   promptAnnouncementDate(cli) {
+    const today = new Date().toISOString().substring(0, 10).replace(/-/g, '/');
     return cli.prompt('When is the security release going to be announced? ' +
-      'Enter in YYYY-MM-DD format:', {
+      'Enter in YYYY/MM/DD format:', {
       questionType: 'input',
-      defaultAnswer: PLACEHOLDERS.annoucementDate
+      defaultAnswer: today
     });
   }
 
@@ -135,6 +136,11 @@ export default class SecurityBlog {
     for (const [key, value] of Object.entries(impact)) {
       const groupedByRating = Object.values(_.groupBy(value, 'severity.rating'))
         .map(severity => {
+          if (!severity[0]?.severity?.rating) {
+            this.cli.error(`severity.rating not found for the report ${severity[0].id}. \
+              Please add it manually before continuing.`);
+            process.exit(1);
+          }
           const firstSeverityRating = severity[0].severity.rating.toLocaleLowerCase();
           return `${severity.length} ${firstSeverityRating} severity issues`;
         }).join(', ');